Skip to content

MIESC - Multi-layer Intelligent Evaluation for Smart Contracts

MIESC v5.4.3 PyPI License Python AI Powered

Defense-in-Depth Security Framework for Ethereum Smart Contracts
Master's Thesis in Cyberdefense | Universidad de la Defensa Nacional (UNDEF)

Video DemoThesisDocumentationGitHub

English | Español


Video Demonstration

Watch MIESC in Action

YouTube Demo

Watch on YouTube (~10 minutes)

Demonstrates:

  • Defense-in-Depth analysis across 9 security layers
  • 50 integrated tools (Slither, Mythril, Echidna, Certora, etc.)
  • Model Context Protocol (MCP) integration with MCP client
  • 95.8% Recall, 22.2% Precision, F1-Score 36.0% (SmartBugs-curated, 137/143 contracts)
  • Sovereign AI with Ollama (code never leaves your machine)

Scope and Limitations

Purpose:

  • Automated orchestration of 50 security analysis tools
  • AI-assisted finding correlation to reduce duplicate reports
  • DA-GNN graph-neural-network detection (the source technique reports 95.7% accuracy; Computer Networks 2024)
  • Compliance mapping to ISO/NIST/OWASP standards
  • Standardized reporting format (JSON/HTML/PDF)

Limitations:

  • Cannot detect all vulnerability classes (especially complex business logic)
  • Effectiveness metrics pending large-scale empirical validation
  • Requires manual review of all findings by qualified professionals
  • Not suitable as sole security assessment for production contracts

Important: Professional security audits mandatory for contracts handling real value.


Overview

MIESC is a production-grade smart contract security framework that implements a 9-layer Defense-in-Depth architecture, integrating 50 specialized security tools with AI-powered correlation and ML-based detection to deliver comprehensive vulnerability detection with industry-leading accuracy.

Key Achievements (v5.4.3)

  • 50 Integrated Tools across 9 defense layers
  • 95.8% Recall, 22.2% Precision, F1-Score 36.0% (SmartBugs-curated, 137/143 contracts)
  • Compliance mapping across 12 international standards (ISO 27001, NIST CSF, OWASP, …)
  • Sovereign AI with Ollama - code never leaves your machine
  • $0 Operational Cost - fully local execution
  • Now on PyPI: pip install miesc

What's Current in v5.4.3

Current Core Release - public CLI, local REST API, MCP stdio, OpenAPI, and static report generation with the platform/product UI kept outside the public package.

On the metrics in this section: the per-technique figures below (PropertyGPT recall, DA-GNN accuracy, RAG precision, etc.) are the results reported by the peer-reviewed source papers each adapter is based on (see the "Based on…" line under each). MIESC integrates these techniques as adapters and does not independently re-benchmark them, so they are not part of the reproducible claims matrix. MIESC's own measured results are the SmartBugs-curated, EVMBench and real-world exploit numbers reported elsewhere in this page and in Paper 1.

1. PropertyGPT (Layer 4 - Formal Verification)

  • Automated CVL property generation for formal verification
  • 80% recall on ground-truth Certora properties
  • Increases formal verification adoption from 5% to 40% (+700%)
  • Based on NDSS 2025 paper (arXiv:2405.02580)

2. DA-GNN (Layer 6 - ML Detection)

  • Graph Neural Network-based vulnerability detection
  • 95.7% accuracy with 4.3% false positive rate
  • Represents contracts as control-flow + data-flow graphs
  • Based on Computer Networks (ScienceDirect, Feb 2024)

3. Enhanced RAG SmartLLM (Layer 5 - AI Analysis)

  • Retrieval-Augmented Generation with ERC-20/721/1155 knowledge base
  • Verificator role for fact-checking (Generator → Verificator → Consensus)
  • Precision improved from 75% to 88% (+17%), FP rate reduced by 52%
  • Based on arXiv:2502.13167 (Feb 2025)

4. DogeFuzz (Layer 2 - Dynamic Testing)

  • AFL-style coverage-guided fuzzing with power scheduling
  • Hybrid fuzzing + symbolic execution
  • 85% code coverage, 3x faster than Echidna
  • Based on arXiv:2409.01788 (Sep 2024)

Features

9-Layer Defense Architecture

Layer Category Tools Detection Focus
1 Static Analysis Slither, Aderyn, Solhint Pattern detection (90+ detectors)
2 Dynamic Testing Echidna, Medusa, Foundry, DogeFuzz Property-based fuzzing
3 Symbolic Execution Mythril, Manticore, Halmos Deep state exploration
4 Formal Verification Certora, SMTChecker Mathematical proofs
5 Property Testing PropertyGPT, Wake, Vertigo Invariant generation
6 AI/LLM Analysis SmartLLM, GPTScan, LLM-SmartAudit Semantic analysis
7 Pattern Recognition DA-GNN, SmartGuard, Clone Detector ML-based detection
8 DeFi Security DeFi Analyzer, MEV Detector, Gas Analyzer Protocol-specific
9 Advanced Detection Advanced Detector, Threat Model Cross-layer correlation

AI-Powered Intelligence

  • Local LLM Correlation: Reduces false positives using deepseek-coder via Ollama
  • Root Cause Analysis: Developer-friendly vulnerability explanations
  • Risk Prioritization: Multi-dimensional scoring (CVSS + exploitability + impact)
  • Automated Remediation: Actionable fix recommendations with code patches

Compliance & Governance

Built-in mapping to 12 major security frameworks:

Standard Coverage Domain
ISO/IEC 27001:2022 5/5 controls Information security
ISO/IEC 42001:2023 5/5 clauses AI governance
NIST SP 800-218 5/5 practices Secure development
OWASP SC Top 10 10/10 Smart contract vulnerabilities
OWASP SCSVS Level 3 Security verification
SWC Registry 33/37 types Weakness classification
DASP Top 10 10/10 DeFi patterns
EU MiCA/DORA Partial Regulatory compliance

MCP Protocol Integration

Native Model Context Protocol support for AI assistant integration:

  • run_audit - Execute multi-tool analysis
  • correlate_findings - Apply AI filtering
  • map_compliance - Generate compliance mappings
  • generate_report - Produce formatted reports

Quick Start

Installation

# From PyPI (recommended)
pip install miesc

# With all features
pip install miesc[full]

# From source (development)
git clone https://github.com/fboiero/MIESC.git
cd MIESC && pip install -e .[dev]

Basic Usage

# Quick vulnerability scan
miesc scan contract.sol

# CI/CD mode (exit 1 if critical/high issues)
miesc scan contract.sol --ci

# Full 9-layer audit
miesc audit full contract.sol

# Check tool availability
miesc doctor

Local APIs And Reports

# Start the local REST API
pip install "miesc[django]"
python -m miesc.api.rest --host 127.0.0.1 --port 8000

# Generate a static HTML dashboard from local results
python -m src.utils.web_dashboard --results analysis/results --output analysis/dashboard

Full Installation Guide | Quick Start Guide


Architecture

Smart Contract
CoordinatorAgent (MCP)
   ┌──┴──┬──────┬─────────┐
   │     │      │         │
Layer1 Layer2 Layer3  Layer4   → Tools execute in parallel
Static Dynamic Symbolic Formal
   │     │      │         │
   └──┬──┴──────┴─────────┘
   Layer5 (Property Testing)
   Layer6 (AI/LLM Analysis)
   Layer7 (ML Pattern Recognition)
   Layer8 (DeFi Security)
   Layer9 (Advanced Detection + Correlation)
   Report (JSON/HTML/PDF/SARIF)

Component Overview

Layer Agent Purpose Output
L1-4 Analysis Agents Multi-tool scanning Raw vulnerability findings
L5 Property Agent Invariant generation CVL properties/property tests
L6 AI Agent Semantic analysis Correlated findings + root cause
L7 ML Agent Graph-based detection Vulnerability patterns
L8 DeFi Agent Protocol-specific analysis DeFi/MEV risks
L9 Advanced Agent Cross-layer correlation Final audit report

Architecture Details


Performance Metrics

v5.4.3 Results (SmartBugs-curated Benchmark)

SmartBugs-curated (143 contracts, 207 ground-truth vulnerabilities):

Metric Value Notes
Recall 95.8% 137/143 contracts, full SmartBugs-curated corpus
Precision 22.2% Full SmartBugs-curated corpus
F1-Score 36.0% Full SmartBugs-curated corpus
Slither baseline (recall) 43.2% Static-only comparison
Layered Tools 50 Core tools grouped across 9 defense layers

Secondary follow-up: a local Ollama run over the residual misses raises recall to 97.9% (140/143) at zero API cost.

EVMBench: the four-provider ensemble reaches 92.5% recall (111/120) on local high-severity extraction (not an official leaderboard result).

Real-world exploits: 81.8% recall (9 of 11), Cohen's Kappa = 0.77, across $1.59B in evaluated losses.

Test Suite

  • 5967 tests passing, 8 skipped in the latest full local regression
  • 70 public-surface tests passing across REST, MCP, OpenAPI, and distribution guards
  • 0 critical vulnerabilities
  • Configured adapter stack aligned with the 9-layer core

Academic Foundation

Master's Thesis

Title: Integrated Security Assessment Framework for Smart Contracts: A Defense-in-Depth Approach to Cyberdefense

Institution: Universidad de la Defensa Nacional (UNDEF) - IUA Córdoba

Author: Fernando Boiero

Advisor: M.Sc. Eduardo Casanovas

Expected Defense: Q4 2025

Research Contributions

  1. 9-Layer Defense-in-Depth Architecture for smart contract security
  2. 50 Tool Integration under unified ToolAdapter protocol
  3. Triple Normalization System (SWC/CWE/OWASP)
  4. Sovereign AI Backend with Ollama for data sovereignty
  5. MCP Server for AI assistant integration
  6. Legacy Tool Rescue (Manticore Python 3.11 compatibility)

Citation

@software{boiero2025miesc,
  author = {Boiero, Fernando},
  title = {MIESC: Multi-layer Intelligent Evaluation for Smart Contracts},
  year = {2025},
  url = {https://github.com/fboiero/MIESC},
  version = {5.4.3},
  note = {Implementation for Master's thesis in Cyberdefense}
}

Thesis Documentation


Documentation

Getting Started

Releases

Developer Resources

Policies & Governance

Thesis


Contributing

We welcome contributions from the security research and blockchain communities!

How to Contribute

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/new-detector
  3. Make changes following our style guide
  4. Run quality checks: make all-checks
  5. Submit pull request

Priority Areas

  • Certora CVL specs for common patterns (ERC-20/721)
  • Echidna property templates for DeFi
  • Integration tests for all 50 tools
  • Cross-chain vulnerability analysis
  • Documentation translations

Contributing Guide


Support & Community

Get Help


Usage Examples

Quick Scan (CI/CD Integration):

miesc scan contracts/MyToken.sol --ci
# Exit code 0 if no critical issues, 1 otherwise

Full 9-Layer Audit:

miesc audit full contracts/MyToken.sol -o audit_report.json

Batch Audit (Multiple Contracts):

miesc audit batch contracts/ -r -o batch_report.json

Selective Layer Execution:

miesc audit full contracts/Treasury.sol --layers 1,3,6
# Runs only Layer 1 (Static), Layer 3 (Symbolic), Layer 6 (AI)

Export to Different Formats:

miesc audit quick contract.sol -f sarif -o report.sarif
miesc audit quick contract.sol -f markdown -o report.md

MCP Server Mode:

miesc server mcp
# Enables: audit_contract(), explain_vulnerability(), suggest_fix()

License

AGPL-3.0 License - See LICENSE for details.

Ensures framework remains open-source. Allows commercial use with attribution. Derivative works must be open-source.

Disclaimer: Research tool provided "as is" without warranties. Manual review by qualified security professionals required. Not a replacement for professional audits.


Acknowledgments

Security Tools

  • Trail of Bits (Slither, Manticore, Echidna)
  • Crytic (Medusa)
  • ConsenSys (Mythril)
  • Ackee Blockchain (Wake)
  • Certora
  • a16z (Halmos)
  • Cyfrin (Aderyn)
  • Ethereum Foundation (SMTChecker)
  • Paradigm (Foundry)
  • Anthropic (MCP)

Datasets

  • SmartBugs (INESC-ID)
  • SolidiFI (TU Delft)
  • Etherscan

Built for the Smart Contract Security Community

Get Started | View on GitHub


MIESC v5.4.3 | Master's Thesis in Cyberdefense | AGPL-3.0 License

2025 Fernando Boiero - Universidad de la Defensa Nacional (UNDEF)